Thailand Hotel Chain Reports Data Breach Conducted by Desorden Group

Centara Hotels & Resorts, a luxury Thai hotel chain, have reported that they suffered a data breach last week. The hotel chain believes that the data of customers of Centara hotels has been accessed and stolen by an unlawful organisation. The hacker group Desorden, known for a spree of recent data breaches, has stated they are behind the Centara breach. 

In a report uploaded to the Centara website, CEO Thirayuth Chirathivat stated that the chain had suffered an attack on October 14th 2021. “On 14th October 2021, we were made aware of an alleged cyber-attack… Immediately after receiving the notification, we appointed a reputable, digital forensic consultant to deploy an investigation to identify and validate the compromised data.” 

According to the report, the data breach resulted in the “general personal data” of Centara customers being accessed. This data mainly included names and booking details of customers, with a minority of cases containing “phone numbers and email addresses, or some other contact information and IDs”. The company is still investigating the full extent of the data breach as of now. 

Chirathivat asked that affected guests change their usernames as soon as possible, and said to be wary of unsolicited phone calls that request personal information. They clarified “We can confirm that we at Centara Hotels & Resorts will not be contacting you to ask for any personal identifiable information.” 

Desorden Group 

The attack is said to have been conducted by hacker group Desorden, who identified themselves as the ones behind the attack. Desorden has been in the news recently after hacking computer manufacturer Acer twice. 

Messaging ZDNet, the Desorden group claimed that the attack on Centara Hotels & Resorts was part of a larger hack on the Central Group. Central Group is a multi-billion-dollar conglomerate owned by the Chirathivat family. 

According to the hacker group, the data breach occurred on Central Group’s servers. The data stolen includes customer and business information of 2000 restaurants owned by Central Group, as well as the aforementioned data from Centara Hotels & Resorts. 

Desorden stated that the Centara data breach involved 400GB of data collected over the course of ten days. The data stolen is said to include the personal details of guests of Centara hotels who visited between 2003 and 2021. 

Desorden has been behind a number of data breaches and ransomware attacks as of late. The group did not comment to ZDNet as to whether the stolen data was to be ransomed. They also claimed they were “assisting” Centara by showing security flaws. 

The hacker group recently attacked computer manufacturer Acer, and chose to sell off the data on underground markets. It is believed the group chose this avenue after Acer denied ransom payment to the REvil group, a separate hacker group that breached Acer earlier this year. 

It remains to be seen what Desorden will choose to do with the data that was stolen.